Managed Wireless Service: Technical support

Expand All

For end user issues, we encourage all users to contact their local ITSS initially so that they can perform 1st Line Support. If the issue cannot be resolved, the ITSS should contact and provide details of the problem including the wireless MAC address of the client and the end user’s Oxford username. Please include “MWS” in the subject line. Including timestamps against the issues is very helpful.

The technical support for the Managed Wireless Service is for the ITSS of current customers only. Support calls raised directly by end users will be rejected.

Mist APs do not have a controller and make changes to their own configuration individually however this is informed by a significant dataset, processed, and analysed the Mist Cloud. Each AP has an IP address that it uses to communicate with Mist Cloud and to other equipment in the centre of the Oxford network (Management Plane). We highly recommend that this is assigned using a DHCP reservation.

Wireless client traffic (Data Plane) can be handled completely separately, either exiting the AP on a different VLAN to the Management or by being put into a tunnel to go back to a central piece of equipment.

The latter is how both OWL and eduroam operate. The client traffic is tunnelled back to a cluster of devices called Mist Edges which allow the client traffic to join a large central network which is common to all APs. This has a major benefit in allowing clients to roam between APs that may even be installed in separate buildings and on separate networks. RADIUS authentication is also proxied via this tunnel, all of which removes the need for additional configuration on switch infrastructure. See the diagram below for more details.

Diagram of the managed wireless service


All connections are initiated from the APs which means that they can operate happily within a NAT’d network.

Local custom SSIDs may also point to different RADIUS servers and can support a range of features. Keep in mind that RADIUS requests will come from individual AP management IPs as they do not use a controller.

To ensure that the APs can operate as expected, please follow our Firewall guide on the details of traffic that should be whitelisted.

If all outbound traffic from the AP management VLAN is allowed no further work should be required.

The entire Managed Wireless Service (MWS) is built of hardware that supports the 802.11ax standard, also known as WiFi 6. This has brought a number of important updates:

  • Significant increase in maximum client density (OFDMA)
  • Updates to both 2.4 and 5GHz bands (first update for 2.4GHz in a decade!)
  • Mandatory fast roaming
  • New power saving operations

In the past, WiFi improvements have had very little affect as they required the clients to also use the technology. However, the market uptake of WiFi 6 has been rapid and ubiquitous. As of June 2022, the share of clients supporting the new standard makes up for over 46% of those on the Managed Wireless Service.

The details behind how these improvements are achieved can get very technical. For those interested, CWNP have a useful YouTube briefing that you can watch here: 802.11ax - What's New Webinar

The light on the front of the Mist AP is a very useful diagnostic tool for troubleshooting issues with getting connectivity to the Mist Cloud management platform.

Mist have an excellent article detailing this: What is LED telling me?

The Mist Cloud interface is the primary way for you to keep an eye on your WiFi and the end user experience and it also provides a substantial diagnostic platform for troubleshooting. This section details the parts of the interface that you will use frequently.

In the WiFi world, we’re not only concerned with whether an APs is up or down but in the quality of the end user experience. The service level expectations (SLEs) collate data from the client devices and expose where issues are occurring.

This can be accessed from the Monitor > Service Levels menu from the top right of the Mist Cloud interface, then select the Wireless button at the top.


Image showing sample service level information using the management interface


Mist have a break down of how to use this interface and what each section really means: Service Level Expectations (SLE)

Also see the “Troubleshooting with SLEs” section below for more ideas on how to put this section to good use.

The Insights section is one of the most useful diagnostic tools in Mist Cloud.

It can be accessed from the Monitor > Service Levels menu from the top right of the Mist Cloud interface, then select the Insights button at the top.

Here you can explore the timeline of what has happened to a client or an AP and track down problems without needing to see them at the time. Mist explain it all here: Insights


Image showing sample information using the insights section of the management interface


If this issue is particularly troublesome and needs a more in-depth look, Mist will save a packet capture of any “bad” insight events. These can then be downloaded right from the interface and examined in a program like Wireshark. For more details, see the Mist article: Dynamic Packet Capture

Within Mist is a troubleshooting engine that takes advantage of machine learning to proactively find route causes for issues and flag issues. This function, Marvis, also has a query function that allows you to ask for information such as:

  • Troubleshoot [client]
  • Roaming of [client]
  • List WLANs by client count
  • List client events with event type [Type e.g. 802.11-Auth-Denied]

There are a lot of possibilities so take some time to explore this and get creative. You can get to this from the Marvis menu on the left of the Mist Cloud interface. Many of the tables and lists generated can be exported as .CSV files. Also see the section on troubleshooting with Marvis below.

You may find the system doesn’t always interpret your request in the way that you intend. When this happens, we also recommend setting the search to “Query Language” using the button in the top right. This will allow a more command line approach to the input.

These menus are where you can drill down into specific information. In both cases you can click on an individual entry to get to more details. Clients > WiFi Clients and Access Points menus are available on the left side of the Mist Cloud interface. In both menus, there is an important button in the top right, the column selector:


This allows you to tailor the information that you want to see and rearrange the columns by dragging the boxes around.

In the top left of the list interface is a search field. Typing in here can prompt suggestions to autofill, or you can just hit enter to search in a broader way. This can be very powerful if used in a compound way. For instance, in Clients, I could search for 'Android 12' and then search for 'OWL'. This creates a compound filter that shows only Android 12 clients on the OWL WLAN. Each of these filter components appears as a box and can be separately disabled. 


Only data in columns that are displayed at the time can searched


A key requirement for all buildings with MWS is that the locations of APs are properly documented. This is held within Mist Cloud under the Maps section: Location > Live View. Your building will have a scaled set of plans for each floor displaying a lot of information. As with the AP and Client List menus, you can filter what information is show with this button in the top right:


From the panel on the right, you can select an individual client or AP to show more information. In the case of APs, this also includes their installation photos.

Once you are familiar with Mist Cloud interface, you may be wondering how you can put some of the features to use. Below are some examples for some inspiration:

Mist have a breakdown to troubleshoot issues for when an AP isn’t checking in with the Mist Cloud properly.  See the Troubleshooting AP Disconnect Issues for more information. 

All Mist APs on MWS also have a Bluetooth radio. In instances where an AP is powered but still cannot get connectivity, it will broadcast the problem by Bluetooth so all nearby APs that will report it back to the Mist Cloud platform. This is very useful when DHCP fails and an AP can’t get an IP address.

Digging into the details in the SLE section can be very enlightening. The following in-depth look from Mist will give you some examples of what you may find: Troubleshooting with SLE’s

Depending on your query in Marvis, the output can be very different and often dynamic with multiple sections. This Mist article shows how that can be very useful: Client Troubleshooting with Marvis

The following section details some of the common problems that you may encounter from your WiFi users including how to fix them:

Symptom: Client devices can see OWL in the SSID list but cannot see eduroam.

Explanation: In 2021 it was identified by IT Services that some Intel WiFi chipsets were operating out of specification and ignored WiFi 6 SSIDs. This was the case for a group of specific hardware using drivers of a certain age. However, these chipsets were very common amongst PC laptops. For more details of the affected chipsets and drivers, as well as the version including fix are detailed on this Intel support article.

Fix: Using the OWL SSID, update the drivers for the Intel WiFi interface inline with this Intel support article.

Symptom: On entering a building or area a client device successfully authenticates onto eduroam or OWL however initially struggles to transmit or receive traffic. Examining the Insights for the client device in Mist shows one or both of the following events:

  • DHCP Denied – DHCP NACK
  • 11r FBT Failure – Status code 53 "Invalid pairwise master key identifier (PMKID)"

Explanation: Not all departments and colleges use the Managed Wireless Service (MWS). The 3rd party wireless systems in these areas do not use the same networks. When a client connects to one of these systems and then attempts to roam onto the MWS system (or vice-versa), it expects these to run on the same network and continues to use the same IP address and gateway details. These are invalid and it takes time for the client to realise before starting the DHCP discovery process again to gain a new address.

Also Mist runs a wireless fast roaming protocol, 802.11r. Clients cache information from the APs to speed up authentication however, this information becomes invalid when switching between systems. If a neighbouring 3rd party system also uses 802.11r, then that roam will not complete successfully, and the client will have to gain new cached credentials.

For both DHCP and 802.11r, the speed at which a client device recovers is entirely dependent on hardware and operating system.

Fix: Unfortunately, this is an operational reality of the University. The situation can be mitigated to some extent but can only be done through wireless design and cooperation with the neighbouring college/department. Managed Network Services is happy to assist with this as part of your service.

Get support

If you cannot find the solution you need here then we have other ways to get IT support

Get IT support